From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Thu, 30 Dec 2021 17:45:22 +0000 (+0000)
Subject: AC SAML: cookies might be empty
X-Git-Tag: v9.00~84
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=1f3c01834fe494640fc4cff2dd3ea8a14156c94a;p=users%2Fdwmw2%2Fopenconnect.git

AC SAML: cookies might be empty

It has been reported that at least with Google's SAML
the error cookie can be present but empty.
Skip over them if so.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
---

diff --git a/cstp.c b/cstp.c
index e8fbc4d9..d390973f 100644
--- a/cstp.c
+++ b/cstp.c
@@ -1254,12 +1254,13 @@ int cstp_sso_detect_done(struct openconnect_info *vpninfo,
 {
 	int i;
 
+	/* Note that, at least with some backends (eg: Google's), empty cookies might be set */
 	for (i=0; result->cookies[i] != NULL; i+=2) {
 		const char *cname = result->cookies[i], *cval = result->cookies[i+1];
-		if (!strcmp(vpninfo->sso_token_cookie, cname)) {
+		if (!strcmp(vpninfo->sso_token_cookie, cname) && cval && cval[0] != '\0') {
 			vpninfo->sso_cookie_value = strdup(cval);
 			break;
-		} else if (!strcmp(vpninfo->sso_error_cookie, cname)) {
+		} else if (!strcmp(vpninfo->sso_error_cookie, cname) && cval && cval[0] != '\0') {
 			/* XX: or should we combine both the error cookie name and its value? */
 			vpninfo->quit_reason = strdup(cval);
 			return -EINVAL;